GDPR is coming! New features from PlayFab to help you prepare.

This May, the European Union's General Data Protection Regulation (GDPR) will roar to life and begin enforcing new privacy regulations on how data is collected, processed, and stored. If you have customers or employees residing in the European Union, then you are no doubt already preparing to meet these new requirements.

We're here to help.

PlayFab is committed to being GDPR compliant ourselves, and as your service provider, ensuring that we provide you with the hooks you need to allow players to view or delete the data stored about them.

While we can’t provide you legal advice—and we do encourage you to seek legal counsel to ensure your compliance with the GDPR—we are here to help you fulfill your obligations under GDPR.

As you’ve probably heard by now, the GDPR requires that data subjects – your players – have the ability to view, export, and in some cases, edit or delete the data which has been collected about them. Furthermore, the GDPR leverages the concept of data controllers and data processors to lay out these requirements. Generally speaking, a controller is the entity which has an agreement or contract with the data subject to enable the collection of the data (usually in exchange for performing a service) while a processor has an agreement with a controller to process that data on their behalf.

As the developer with a direct relationship with your player, you are most likely a controller of your players’ data. Since PlayFab is storing this data on your behalf, we are most likely a processor of this player data.

We’re announcing two new APIs in PlayFab to provide better transparency and controls over the data we store about your players on your behalf as your processor. Here’s a sneak peek:

ExportMasterPlayerData: Call this API to export and make viewable the information PlayFab has collected on behalf of your title for a given player.

Initially, these APIs will be available in a test mode, with full functionality coming in time for the May 25 deadline. You can call them directly or access these new features via our game manager portal under player management. Both return a response immediately and will work in the background until complete. Once complete, both result in an email being sent to your studio’s contact email address as configured in your title settings. In the case of ExportMasterPlayerData, we’ll include a download URI in the email. For a DeleteMasterPlayer request, it’ll be a confirmation that the delete has finished. It’s up to you to then pass the information or confirmation along to the player. For more information on how to use these APIs, check out the tutorial!

More GDPR related changes to PlayFab are coming, including an update to our Terms of Service. We are also working on a tutorial describing how to use these new APIs in more depth. We’ll announce more information on these changes shortly.